Release 0.10.2

Fixed

• PR#376 fixed the JSON formatting when using --format json output option. Thanks @dnaka91!

Changed

• PR#377 updated dependencies.

Release 0.10.1

Fixed

• PR#347 resolved #372 by correcting a slight mistake that resulted in an incorrect hash making cargo-deny unable to lookup index or crate information from the local file system.

Release 0.10.0

Added

• PR#353 resolved #351 by adding the sources.private field to blanket allow git repositories sourced from a particular url.
• PR#359 resolved #341 and #357 by adding support for the --frozen, --locked, and --offline flags to determine whether network access is allowed, and whether the Cargo.lock file can be created and/or modified.
• PR#368 added the licenses.unused-allowed-license field to control whether the L006 - license was not encountered diagnostic. Thanks @thomcc!

Changed

• PR#358 bumped the Minimum Stable Rust Version to 1.53.0.
• PR#358 bumped various dependencies, notably semver to 1.0.3.

Release 0.9.1

Changed

• Updated dependencies

0.9.0

Changed

• Updated krates, which in turn uses an updated cargo_metadata which uses camino for utf-8 paths. Rather than support both vanilla Path/Buf and Utf8Path/Buf, cargo-deny now just uses Utf8Path/Buf, which means that non-utf-8 paths for things like your Cargo.toml manifest or license paths will no longer function. This is a breaking change, that can be reverted if it is disruptive for users, but the assumption is that cargo-deny is operating on normal checkouts of rust repositories that are overwhelmingly going to be utf-8 compatible paths.

0.8.9

Fixed

• Updated rustsec crate to address fetch failures due to the renaming of the master branch to main for https://github.com/rustsec/advisory-db

0.8.8

Changed

• Updated dependencies, notably cargo and rustsec.
• Increase MSRV to 1.46.0 due to bump of smol_str/rustsec.
• Updated SPDX license list supported from 3.8 to 3.11 due to update of spdx.
• Add use of the --locked flag in all cargo install instructions, to avoid the default (broken) behavior as shown in #331.

0.8.7

Fixed

• Resolved #331 by updating bitvec and funty.

0.8.5

Added

• PR#315 resolved #312 by adding support for excluding packages in the deny configuration file, in addition to the existing support for the --exclude CLI option. Thanks @luser!

Fixed

• PR#318 fixed #316 by adding a workaround for crate versions with pre-release identifiers in them that could be erroneously marked as matching advisories in an advisory database. Thanks for reporting this @djc!

0.8.4

Changed

• Updated dependencies, notably rustsec, crossbeam*, and cargo.
• Bumped the Minimum Stable Rust Version to 1.44.1.